Skip to main content

Replayable Python protocol engine for validating time-bound future claims from canonical artifacts.

Project description

Future Claim Certifier

Future Claim Certifier is a Python implementation of Dynamic Future-Claim Certification (DFCC). It checks whether a time-bound claim about a future state can be used as authority, and it explains why the answer is allow, deny, unknown, expired, blocked, or conflicting.

The project is designed for software agents, auditors, and protocol engineers who need decisions that can be replayed later from the same files. Every important input is a canonical artifact with a digest, schema, reason path, and typed outcome.

Paper: Takahashi, K. (2026). Dynamic Future-Claim Certification: A Replayable Authority Validation Protocol with Canonical Artifacts. Zenodo. https://doi.org/10.5281/zenodo.21199529

What It Does

DFCC separates three questions that are often mixed together:

  • What was certified at issue time?
  • Is the certificate still active at use time?
  • Is the requested use allowed for this context?

The package implements the protocol layer:

  • canonical JSON and digest identity;
  • artifact bundles and reference resolution;
  • schema/profile validation;
  • accepted evidence and audit-only raw evidence;
  • bounded certificate issuance;
  • lifecycle/status replay;
  • represented and operational authority checks;
  • golden conformance cases.

It is not a general solver. The bundled backend is an exact finite-state reference backend for small examples and tests. Larger solvers, simulators, or proof engines can be connected behind the checker interfaces.

Install

For users:

python -m pip install future-claim-certifier
dfcc conformance run --suite primary

For local development:

uv sync --all-groups
uv run dfcc conformance run --suite primary

Python 3.11 or newer is supported. The import package is dfcc; the command line tool is dfcc.

Five-Minute CLI Flow

Create a certificate from the safe-temperature example:

uv run dfcc certify examples/safe_temperature/spec.json --out issue.json

Check whether a represented use is allowed at status time:

uv run dfcc check \
  issue.json \
  examples/safe_temperature/proposed_use.json \
  examples/safe_temperature/status_context.json \
  --out status-view.json

Run full artifact-bundle replay:

uv run dfcc validate-bundle artifact-bundle.json --full-replay

Replay lifecycle/status data directly from a bundle:

uv run dfcc replay-status --bundle artifact-bundle.json

List and export schemas:

uv run dfcc schema list
uv run dfcc schema export issue-certificate.schema.json --out issue-schema.json

Run packaged conformance suites:

uv run dfcc conformance run --suite primary
uv run dfcc conformance run --suite legacy

Python Example

from dfcc import check_authority
from dfcc.certificate import certify_claim, certify_claim_from_artifact_bundle

certificate = certify_claim(claim, bundle, anchor, time_basis)
view = check_authority(certificate, proposed_use, status_context)

outcome = view.authority_outcome
if outcome.code == "assert" and not outcome.blocking_set:
    use_claim_as_represented_authority()

For strict artifact-bundle issuance, use:

certificate = certify_claim_from_artifact_bundle(artifact_bundle)

The strict path uses accepted clauses or explicit trust assumptions. Raw evidence is audit data only and cannot silently change the certified semantics.

Reading Outcomes

DFCC is conservative. Missing or conflicting evidence is never upgraded into an allowing result.

Common results:

  • assert: the represented claim is currently usable as true for the requested represented use.
  • deny: the represented claim is currently usable as false for the requested represented use.
  • accept: the operational target is allowed after observation, completion, fiber, adjudication, adequacy, and policy checks.
  • reject: the operational target is rejected by those checks.
  • unknown: more accepted evidence or proof material is needed.
  • expired: the status time is outside the certificate validity window.
  • out_of_frame: the requested use is outside the certified frame.
  • conflict: artifacts, lifecycle traces, or proof records disagree.
  • policy_block: the protocol result exists, but policy does not allow use.

For non-allowing outcomes, inspect blocking_records, failure_records, and typed reason_ref_records. They identify the artifact digest and JSON Pointer path that caused the decision.

Documentation

Release And Quality Gates

The repository CI runs:

  • ruff format and lint;
  • mypy strict type checking;
  • pytest with coverage gate at 90% or higher;
  • bandit;
  • pip-audit;
  • primary and legacy conformance suites;
  • package build and distribution metadata checks.

PyPI publishing uses GitHub Actions Trusted Publishing. No long-lived PyPI API token is required.

License

Apache License 2.0. See LICENSE and NOTICE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

future_claim_certifier-1.0.0.tar.gz (254.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

future_claim_certifier-1.0.0-py3-none-any.whl (190.1 kB view details)

Uploaded Python 3

File details

Details for the file future_claim_certifier-1.0.0.tar.gz.

File metadata

  • Download URL: future_claim_certifier-1.0.0.tar.gz
  • Upload date:
  • Size: 254.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for future_claim_certifier-1.0.0.tar.gz
Algorithm Hash digest
SHA256 58906885045149f99375ab87112d095bf45e9cab8182c346deb05d9dc3da2862
MD5 0139909501c14a3fc9a9dc0d5b96a469
BLAKE2b-256 9296710f222e6a0b30ea45c4fb3f6d3087a2ac2be3b75c924b5a6a7a8633aed2

See more details on using hashes here.

Provenance

The following attestation bundles were made for future_claim_certifier-1.0.0.tar.gz:

Publisher: workflow.yml on kadubon/future-claim-certifier

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file future_claim_certifier-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for future_claim_certifier-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 07af3bc38e023f485287d26f35ed98343f75b41b5b9c34c4d95a223a2ce8d277
MD5 48615919612cdd0cee5367295acc0014
BLAKE2b-256 2757627004bdd3ccaa7fbdcae41985c47c6c6562d946a92e5b72fa96008a46c4

See more details on using hashes here.

Provenance

The following attestation bundles were made for future_claim_certifier-1.0.0-py3-none-any.whl:

Publisher: workflow.yml on kadubon/future-claim-certifier

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page